8 Most Popular Joomla Hacks & How To Avoid Them

Slides from a SiteGround webinar by SiteGround Joomla Performance Guru, Daniel Kanchev. He reveals the 8 most common ways a Joomla website can get hacked and what you can do to protect yourself from each of those hacks.

Outdated Extensions & Themes
Vulnerable Extensions & Themes
Stolen or Weak Login Details
Outdated / Vulnerable Server Software
Incorrectly Configured Web Server
Vulnerable Joomla on a Host Server
Incorrect Joomla Permissions
Local PC Malware


8 Most Popular Joomla Hacks & How To Avoid Them

  1. 8 Most Popular Joomla! Hacks & How To Avoid Them
     Daniel Kanchev @dvkanchev
  2. Before we begin …
     Daniel Kanchev @dvkanchev
     • 7+ years of Joomla! experience
     • 5 years with SiteGround
     • Love FOSS
     • Addicted to extreme sports
  3. SiteGround is the home of 100,000 Joomla! sites
  4. We face hundreds, if not thousands, of security attacks per day …
  5. “Why would somebody hack me?”
  6. Hackers don’t really care about your site. All they care about is sending some spam.
  7. “Security is not a product, but a process.” If anybody tells you your site is unhackable, that guy is a liar!
  8. 1. Outdated Joomla! Core
  9. Quick demo… …of the Joomla! file upload security bug
  10. More info on the hack
     • All versions before 3.1.5 and 2.5.14 are vulnerable
     • Can be executed by anybody, no admin rights needed
     • The attacker can obtain full access to Joomla! and its surrounding userspace
  11. More info on the hack
     Joomla!: http://goo.gl/8YwZIk
     Sucuri: http://goo.gl/WjLKGm
     SiteGround: http://goo.gl/NWkZTz
  12. UPDATE! UPDATE! UPDATE!
  13. Use software to get notified and update the Joomla! core
  14. Admin Tools: https://www.akeebabackup.com/products/admintools.html
     Watchful.li: https://watchful.li/features/
  15. SiteGround offers Joomla! Auto Update
  16. Read security bulletins
     Joomla! Security News: http://feeds.joomla.org/JoomlaSecurityNews
     Sucuri: http://blog.sucuri.net/?s=joomla
  17. 2. Extensions
  18. Here’s a scenario:
     • Your site is up to date
     • Your extensions are up to date
     • But you still get hacked…
     • Wonder why?
  19. Extension vulnerabilities
     • Sometimes when a vulnerability in an extension is found, it takes the extension developers too much time to fix it.
     • Therefore it’s always good to use a WAF!
     • WAF = Web Application Firewall
  20. Popular WAFs
  21. SiteGround adds more than 200 mod_sec rules every week.
  22. Example mod_sec rule
       # 30.Sep.2013
       # joomla com_seminar Cross site scripting Vulnerability
       # http://cxsecurity.com/issue/WLB-2013090184
       SecFilterSelective REQUEST_FILENAME "index.php" "chain,id:00680"
       SecFilterSelective ARG_option "com_seminar" chain
       SecFilterSelective ARG_search "onmouseover"
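The rule above blocks the request at the web server. On a host without a WAF, the same three chained conditions can be applied to the Apache access log after the fact to find attempts that went through. The following shell script is an added example, not from the webinar or from SiteGround: the log lines are constructed (the client addresses are RFC 5737 documentation IPs), and it assumes the combined log format with the payload appearing literally in the request line rather than further encoded.

```shell
#!/bin/sh
# Added example, not from the webinar or SiteGround: offline check of Apache
# access log lines against the three conditions of the mod_sec rule above
# (index.php, option=com_seminar, an "onmouseover" payload in the search arg).
# Assumption: combined log format, payload visible literally in the request line.

# Constructed sample log lines; the client addresses are RFC 5737 documentation IPs.
SAMPLE_LOG='203.0.113.5 - - [30/Sep/2013:10:15:01 +0000] "GET /index.php?option=com_seminar&search=%22%20onmouseover%3Dalert(1)%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Sep/2013:10:16:40 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Sep/2013:10:17:02 +0000] "GET /index.php?option=com_seminar&search=workshop HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [30/Sep/2013:10:18:13 +0000] "POST /index.php?option=com_seminar HTTP/1.1" 200 100 "-" "curl/7.30"'

# Print the log lines (read from stdin) that satisfy all three chained conditions.
# Each grep mirrors one SecFilterSelective line; the order of the query-string
# arguments does not matter because every condition is tested separately.
com_seminar_xss_hits() {
    grep -iE '"(GET|POST) /index\.php[? ]' \
    | grep -iE '[?&]option=com_seminar([&" ]|$)' \
    | grep -iE '[?&]search=[^&" ]*onmouseover'
}

# Number of matching requests.
count_hits() {
    com_seminar_xss_hits | wc -l | tr -d ' '
}

# Client addresses behind the matches, with a hit count each, most active first.
hit_sources() {
    com_seminar_xss_hits | awk '{ print $1 }' | sort | uniq -c | sort -rn
}

# Stand-alone run on the constructed sample.
# On a real host: com_seminar_xss_hits < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | com_seminar_xss_hits
printf '%s\n' "$SAMPLE_LOG" | hit_sources
```

Only the first sample line matches: the second is a different component, the third searches com_seminar with a harmless term, and the fourth has no search argument at all. Feeding the real access log into `com_seminar_xss_hits` gives the same selectivity as the rule, which is what you want when deciding whether an old log shows a real attempt or just scanner noise.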
  23. CloudFlare and Incapsula are advanced, mod_security-like FREE services which also add CDN functionality.
  24. More security bulletins
     Joomla! Extensions Security News: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
  25. 3. Themes
  26. “Templates are software, not just a bunch of graphics. Template developers do release security upgrades all the time. Make sure you install them. I've seen many sites getting hacked because of a dated template with a SQL injection or XSS vulnerability.” - Nicholas Dionysopoulos
  27. Example: RocketTheme SQL injection in their modules
     http://www.rockettheme.com/blog/extensions/1300-important-securityvulnerability-fixed
  28. A WAF is good for themes too!
  29. 4. Weak passwords
  30. Let me tell you a story…
  31. On April 9th we got hit by a huge brute force attack towards many Joomla! sites
  32. Bots used more than a thousand different IPs per server to scan for passwords… … and we blocked more than 92,000 IPs in total across our network in just
  33. In 12 hours we blocked more than 15 million login requests. But still, we thought many passwords had been guessed.
  34. We then tried to brute force our clients ourselves. And we were shocked how many passwords we found.
  35. Over 40% of our customers used really weak passwords.
  36. Let me show you how easy it is to guess a dumb password, say “pass123”. The username is admin.
  37. So in less than 10 seconds I’ve got your password.
  38. Tip: Change your password to a full sentence - it’s easy to remember and hard to guess, like: “I love to watch the sunset.”
  39. Tip 2: Change your username! admin2 is not acceptable either ;) Try something like: yourname_@dm1n
  40. Tip 3: Additionally secure your administrator login page
     • Allow access only from certain IP addresses
     • Add a Captcha
     • Password protect the administrator folder
     • Use secret URL parameters
  41. 5. Outdated Server Software
  42. Old PHP 5.3 running as CGI: remote code execution exploit (CVE-2012-1823)
     http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
  43. Quick demo…
  44. Make sure your server side software is current at all times.
  45. 6. Incorrectly configured server software
  46. Apache symlinks bug
     http://seclists.org/fulldisclosure/2013/Aug/81
     The problem: public_html/fred.txt -> /home/otheracct/public_html/configuration.php
     The solution: add to httpd.conf or the .htaccess file: SymLinksIfOwnerMatch
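SymLinksIfOwnerMatch stops Apache from following a link into another account, but it does not tell you whether such links already exist in your own tree. The following shell script is an added example, not from the webinar or from SiteGround: it lists every symlink under a web root whose target resolves outside that root, which is exactly the public_html/fred.txt case on the slide. It assumes GNU coreutils (readlink -f), and the directory layout in the usage is constructed.

```shell
#!/bin/sh
# Added example, not from the webinar or SiteGround: list symlinks under an
# account's web root that resolve to a path outside it (the public_html/fred.txt
# -> /home/otheracct/public_html/configuration.php case from the slide).
# Assumes GNU coreutils readlink -f (Linux); paths in the usage are constructed.

# Usage: find_escaping_symlinks /home/fred/public_html
# Prints "link -> resolved target" for every symlink whose target is outside the
# root, and nothing when the tree is clean. Dangling links are skipped, since
# nothing can be read through them.
find_escaping_symlinks() {
    root=$(readlink -f "$1") || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        [ -e "$target" ] || continue
        case "$target" in
            "$root"/*) ;;                        # stays inside the account, fine
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Count of escaping links; suitable for a nightly check (non-zero means investigate).
count_escaping_symlinks() {
    find_escaping_symlinks "$1" | wc -l | tr -d ' '
}
```

Links that stay inside the root (a template linking to ../images, for instance) are not reported, so the output is short enough to read by hand. On a shared host the same check run across every account's public_html is a cheap way to see whether the symlink trick has already been tried.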
  47. 7. Joomla! Permissions
  48. Correct Joomla! permissions set
     • Folders: 755
     • Files: 644
     • configuration.php: 444
  49. Incorrect Joomla! permissions set
     • All: 777
     • Anything more than: 755
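The two slides above give the target (755 / 644 / 444) and the anti-pattern (777). The following shell script is an added example, not from the webinar or from SiteGround: one function audits a Joomla! tree for anything more permissive than the recommended set, and a second applies that set. It assumes a find that accepts symbolic -perm modes (GNU find and BSD find both do); the site layout in the usage is constructed.

```shell
#!/bin/sh
# Added example, not from the webinar or SiteGround: audit and repair of a
# Joomla! tree against the permission set the slides recommend
# (folders 755, files 644, configuration.php 444). Assumes a find that accepts
# symbolic -perm modes (GNU find and BSD find both do).

# Usage: audit_joomla_perms /home/fred/public_html
# Prints every path that is more permissive than recommended:
#   directories writable by group or others (anything above 755),
#   files writable by group/others or executable by anyone (anything above 644),
#   configuration.php writable even by its owner (anything above 444).
audit_joomla_perms() {
    root=$1
    find "$root" -type d \( -perm -g+w -o -perm -o+w \)
    find "$root" -type f \( -perm -g+w -o -perm -o+w \
                            -o -perm -u+x -o -perm -g+x -o -perm -o+x \
                            -o \( -name configuration.php -perm -u+w \) \)
}

# Usage: fix_joomla_perms /home/fred/public_html
# Applies the recommended set. Run the audit first and review the list: any
# file the site deliberately keeps executable must be excluded before fixing.
fix_joomla_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/configuration.php" ]; then
        chmod 444 "$root/configuration.php"
    fi
}

# Number of offending paths; 0 means the tree matches the recommendation.
count_bad_perms() {
    audit_joomla_perms "$1" | wc -l | tr -d ' '
}
```

The audit is deliberately separate from the fix so it can run from cron and alert on a non-zero count; a sudden appearance of 777 files is often the first visible trace of an extension installer or an intruder that has been writing into the tree.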
  50. It’s a must to have account isolation when hosted on a shared server.
  51. 8. Malware
  52. Viruses and Trojans steal your login details.
  53. Keep your anti-virus software up to date.
  54. So let’s recap…
     • Update your Joomla!
     • Update your extensions. Read security bulletins once in a while.
     • Update your themes. Don’t forget that!
     • Use strong passwords and non-default admin usernames.
     • Make sure your server side software is current (PHP, Apache, MySQL).
     • Make sure your server side software is correctly set up.
     • Use correct file permissions for Joomla!
     • Watch out for that sneaky malware.
  55. Questions?
  56. Thank you!
     70% OFF HOSTING DISCOUNT: http://www.siteground.com/webinar
